ID CVE-2015-0015
Summary Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username strings to (1) Internet Authentication Service (IAS) or (2) Network Policy Server (NPS), aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:x64:*:*
CVSS
Base: 7.8 (as of 12-10-2018 - 22:07)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
msbulletin via4
bulletin_id MS15-007
bulletin_url
date 2015-01-13T00:00:00
impact Denial of Service
knowledgebase_id 3014029
knowledgebase_url
severity Important
title Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service
refmap via4
bid 71933
sectrack 1031532
secunia 62148
Last major update 12-10-2018 - 22:07
Published 13-01-2015 - 22:59
Last modified 12-10-2018 - 22:07